Greetings,
As the security of our players remains a priority for us, we are now investigating the source of the compromised accounts, the number of which has increased in the last few days. So far the result is that our systems are still safe and working as intended. Our logs, however, show multiple attempts to log in on our website with wrong credentials. While the investigation is still ongoing, we decided to share with you the results so far and what you can do to protect your account, as well as what has been done on our side.
It appears that these "brute force" login attempts were not made with random username / password combinations, since the "hackers" cannot simply guess a complex password of 7 letters or more: it would take them a few years for even a single account. We believe that at least one well-known private server had in the past (and possibly still has?) security issues resulting in the passwords of thousands of accounts being leaked. The bad guys are simply trying these passwords on Nostalrius Begins, and that is how dozens of accounts got compromised.
This is why we will repeat once again the rules for choosing a good password to keep yourself safe:
- use a unique and complicated password with at least 7 characters but no more than 16, including at least one letter, one number and if possible, one symbol
- never use a password you are already using somewhere else - this is especially true for other private servers, which are sometimes not really well secured
- make sure your password cannot be easily guessed, in essence not an everyday word in any common language
On our side, we have taken the following actions:
- the number of possible login attempts has been drastically reduced to 1 per minute
- it is only possible to log in on the website from your last in-game IP address. We took this decision because it should not affect a lot of players, and it will make this kind of attack more difficult in the future
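To illustrate the two points above from the defender's side, here is an added example in Python (not Nostalrius code) that tells credential stuffing from plain brute force in a login log and lists the attempts that a 1-attempt-per-minute-per-IP limit would reject. The log format, usernames and IP addresses are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real Nostalrius data): "timestamp ip username result"
SAMPLE_LOG = """\
2016-03-01T10:00:01 203.0.113.7 thrall FAIL
2016-03-01T10:00:02 203.0.113.7 jaina FAIL
2016-03-01T10:00:03 203.0.113.7 arthas OK
2016-03-01T10:00:04 203.0.113.7 uther FAIL
2016-03-01T10:00:30 198.51.100.9 thrall FAIL
2016-03-01T10:00:31 198.51.100.9 thrall FAIL
2016-03-01T10:00:32 198.51.100.9 thrall FAIL
2016-03-01T10:00:33 198.51.100.9 thrall FAIL
2016-03-01T10:05:00 192.0.2.44 thrall OK
"""

def parse_log(text):
    """Return a list of (timestamp, ip, username, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events

def classify_sources(events, min_attempts=4):
    """Label each source IP: 'stuffing' when almost every attempt targets a different
    username (a leaked list replayed), 'bruteforce' when few usernames are hammered."""
    users_by_ip = defaultdict(list)
    for _ts, ip, user, _result in events:
        users_by_ip[ip].append(user)
    verdict = {}
    for ip, users in users_by_ip.items():
        attempts, distinct = len(users), len(set(users))
        if attempts < min_attempts:
            verdict[ip] = "normal"
        elif distinct / attempts >= 0.8:
            verdict[ip] = "stuffing"
        else:
            verdict[ip] = "bruteforce"
    return verdict

def rate_limit_violations(events, window=timedelta(minutes=1)):
    """Attempts rejected by a limit of one allowed attempt per IP per window."""
    last_allowed, rejected = {}, []
    for ts, ip, user, _result in sorted(events):
        if ip in last_allowed and ts - last_allowed[ip] < window:
            rejected.append((ts.isoformat(), ip, user))
        else:
            last_allowed[ip] = ts
    return rejected
```

The distinct-username ratio is what separates the replay of a leaked password list (one try per account, like the attack described above) from classic guessing against a single account.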
Furthermore, all the attempts to profit from these hacks have been traced and the corresponding accounts banned. These hacked accounts are usually used to gather gold that is then sold for real money. Be aware that buying gold on Nostalrius for real money will lead to an account closure. As we detect new ways to avoid our Gold Detector, we update it and run it again on the previous actions of each account. If you already bought gold once, you might get away with it today but end up with your account permanently banned next week or even months down the line.
Best regards,
Nostalrius Begins